[MariaDB]: Enforcing SSL for all connections

July 27, 2016 · by dbversity · in MariaDB

If we’ve configured required ssl configuration in the my.cnf and enabled ssl globally with required variables (have_ssl, have_open_ssl).
Though we create users without REQUIRE SSL privilege, they will use SSL connection.

[ root @ dbversity : /var/lib/mysql ] grep ‘ssl’ /etc/opt/rh/rh-mariadb101/my.cnf
ssl-ca = /etc/opt/rh/rh-mariadb101/pki/dbversity.crt
ssl
ssl-cipher = AES128+EECDH:AES128+EDH
ssl-ca = /etc/opt/rh/rh-mariadb101/pki/dbversity.crt
ssl-cert = /etc/opt/rh/rh-mariadb101/pki/dbversity_server.cer
ssl-key = /etc/opt/rh/rh-mariadb101/pki/dbversity.key
[ root @ dbversity : /var/lib/mysql ]

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> GRANT all privileges on *.* to ‘nonsslusr’@’%’ identified by ‘XXXXXXXXX’;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

[ root @ dbversity : /var/lib/mysql ] mysql -u nonsslusr -p”XXXXXXXXX” -h localhost -e “\s” | grep SSL
SSL: Cipher in use is DHE-RSA-AES128-GCM-SHA256
[ root @ dbversity : /var/lib/mysql ]
[ root @ dbversity : /var/lib/mysql ]

Tags: [MariaDB]: Enforcing SSL for all connections, SSL hardening, SSL permenently

[MariaDB]: Enforcing SSL for all connections

Leave a Reply

Categories

Categories